Course guide for Cyberprotection Systems (MQ2/56/1/10)
Teaching staff
- Antonio Miguel Mora García
Office hours
Antonio Miguel Mora García
Email
Brief description of contents (according to the Master's verification report)
Perimeter defense. Cybersecurity sensors. Parsing of cybersecurity information. Prevention, detection and response mechanisms. Structure and organization of a CERT.
Prerequisites and/or recommendations
Students are not required to have passed any specific subject as an essential prerequisite for this course. However, it is recommended that they have passed the content and acquired the competencies from previous semesters.
If AI tools are used in the course work, the student must make ethical and responsible use of them. The recommendations in the document "Recommendations for the use of Artificial Intelligence at the UGR" must be followed; it is available at the following link: https://ceprud.ugr.es/formacion-tic/inteligencia-artificial/recomendaciones-ia#contenido0
Competencies
Basic competencies
- CB6. To possess and understand knowledge that provides a basis or opportunity for originality in the development and/or application of ideas, often in a research context.
- CB7. Students should be able to apply the knowledge acquired and their problem-solving skills in new or unfamiliar environments within broader (or multidisciplinary) contexts related to their field of study.
- CB8. Students should be able to integrate knowledge and face the complexity of forming judgements from information that, while incomplete or limited, includes reflection on the social and ethical responsibilities linked to the application of their knowledge and judgements.
- CB9. Students should be able to communicate their conclusions, and the knowledge and underlying reasons that support them, to specialised and non-specialised audiences clearly and unambiguously.
- CB10. Students should possess the learning skills that allow them to continue studying in a way that will be largely self-directed or autonomous.
Learning outcomes (objectives)
The purpose of this module is to develop student abilities to:
(i) know and understand the defensive lines of a system;
(ii) design and analyze cyber defense sensors: types, configuration and parsing;
(iii) design and evaluate passive and active detection systems and data integration models;
(iv) implement and analyze common response mechanisms;
(v) understand and organize the structure of a Computer Emergency Response Team (CERT).
Syllabus: theoretical and practical contents
Theory
L1: Introduction to Cyberprotection Systems
- Cyber Threat landscape
- Handling security incidents
- SOC (Security Operation Centers)
L2: Govern, Identify and Protect
L3: Monitoring and cyberdefense sensors
- Monitoring approaches
- Cyberdefense sensors and data sources.
L4: Detection and analysis
- Security events detection.
- Security incident analysis.
L5: Respond and recover procedures and mechanisms
- Automated response
Within each lesson, some related seminars or applied exercises will be introduced, to be solved either by the professor or by the students themselves.
Practice
LW1: Cyberdefense sensors and data sources
LW2: Security incident detection and analysis
LW3: Security incident response
Bibliography
Core bibliography
- Knerler, K., Parker, I., Zimmerman, C. 11 Strategies of a World-Class Cybersecurity Operations Center. 2022. The MITRE Corporation.
- Nelson, A., Rekhi, S., Souppaya, M., Scarfone, K. Incident Response Recommendations and Considerations for Cybersecurity Risk Management (NIST SP 800-61r3). 2025. NIST.
- Connecting Networks Companion Guide. 2014. Cisco Press.
- Gorecki, A. Cyber Breach Response That Actually Works: Organizational Approach to Managing Residual Risk. 2020. John Wiley & Sons.
Supplementary bibliography
- Muniz, J., Lakhani, A. The Modern Security Operations Center. 2021. Addison-Wesley Professional.
- Cichonski, P., Millar, T., Grance, T., Scarfone, K. Computer Security Incident Handling Guide (NIST SP 800-61r2). 2012. NIST.
- Bejtlich, R. The Practice of Network Security Monitoring: Understanding Incident Detection and Response. 2013. No Starch Press.
- Flores, D., Adell, C., VanDeraa, J. Modern Network Observability. 2024. Packt Publishing.
Recommended links
Teaching methodology
Assessment (assessment instruments, assessment criteria and percentage of the final grade)
Ordinary assessment
Article 18 of the Evaluation and Grading Regulations for Students at the University of Granada establishes that the ordinary call will preferably be based on the student’s continuous assessment, except for those who have been granted the right to a final single assessment. Below are the evaluation tools, grading criteria, and their percentage weight in the final grade:
Theoretical component (40% weight):
The evaluation of the theoretical component will be carried out through a written exam. It will be conducted at the end of the course and will cover all the topics addressed throughout the semester.
Practical component (50% weight):
The practical sessions will be evaluated through a follow-up test on the activities carried out during the sessions, problems/exercises proposed and submitted by students or oral presentations using slides.
The final grade for the course will be the sum of the grades for the theoretical component and the practical component. To officially pass the course, the following conditions must be met:
- The grade for the theoretical component must be equal to or greater than 15% of its maximum score, that is, at least 0.6 out of 4 points.
- The overall grade must be equal to or greater than 5 out of 10 points.
Attendance (10% weight):
Attendance at both theoretical and practical sessions is strongly recommended, though it is not mandatory. Students who attend all sessions will obtain the maximum score for this part, which is 1 out of 10 points.
Extraordinary assessment
Article 19 of the Evaluation and Grading Regulations for Students at the University of Granada states that students who have not passed the course during the ordinary examination session will have access to an extraordinary examination session. All students may participate in this session, regardless of whether or not they have followed a process of continuous assessment.
Thus, students who have not participated in continuous assessment will have the opportunity to obtain 100% of the final grade by completing an exam and/or a project.
In the extraordinary session, students will retain the grades obtained in the ordinary session for the practical component, unless they notify the professor at least one week before the examination date. In such cases, they will take an additional exam covering the corresponding part. The theoretical component will be assessed through an in-person written exam.
Single final assessment
Under the regulatory framework described in Article 8 of the Evaluation and Grading Regulations for Students at the University of Granada, and for students who opt for the single final assessment, this evaluation modality will consist of all the tests that the professor deems appropriate in a single written exam session, covering theoretical and practical content. The goal is to ensure that the student has acquired all the general and specific competencies associated with the course.
Additional information
The office and supporting hours can be found on Antonio M. Mora García’s profile.
Information of interest for students with disabilities and/or Specific Educational Support Needs (NEAE): management of services and support (https://ve.ugr.es/servicios/atencion-social/estudiantes-con-discapacidad).
Free software
Wazuh (EDR): https://wazuh.com/
Suricata (NIDS): https://suricata.io/